cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Dave-Departed
Paper Tape
Posts: 2
Registered: ‎09-18-2018
Location: JP
Views: 2,071
Message 1 of 5

Changing BIOS to UEFI during SCCM Task Sequence

Hi All,

 

Hoping someone can help.

 

We are looking to use SCCM to offer an In-Place Upgrade of Windows 7 to Windows 10, but a prerequisite from our Security team is that BIOS is converted from Legacy to UEFI, and that Secure Boot is enabled as part of this upgrade process.

 

All Lenovo machines that we are dealing with are X1 Carbons of varying generations.

 

Now, I can call MBT2GPR.exe successfully from my Task Sequence, and convert the partition type to GPR no problem. However, I am then attempting to use the VBScript for SetConfigPassword.vbs to change the boot type to UEFI and enable Secure Boot. Here is the command I am calling from the Task Sequence:

 

cscript.exe SetConfigPassword.vbs SecureBoot Enable <password goes here>,ascii,us

 

Whilst this command works flawlessly if called from inside the full OS, it is very hit and miss during OS Deployment. Obviously, if it fails, when the machine reboots, it is left in a non-bootable state, because MBT2GPR ran successfully, but the BIOS settings were not changed (or not saved, perhaps).

 

For reference, I first tried copying the VBScript locally to the System drive of the machine during the Task Sequence, and calling it later on, at the end of the TS. This never, ever worked.

 

I then tried packaging the VBScript as an SCCM package, and this sometimes works. But I need something solidly reliable.

 

I have seen some people using PowerShell instead, to achieve BIOS settings changes on here - What are my options, please?

 

Any help gratefully received!

Lenovo Employee pjorgensen
Lenovo Employee
Posts: 559
Registered: ‎06-09-2015
Location: US
Views: 2,005
Message 2 of 5

Re: Changing BIOS to UEFI during SCCM Task Sequence

perhaps this blog post will lead you in the right direction.

rgsteele
WWAN
Posts: 167
Registered: ‎04-24-2008
Location: CA
Views: 1,980
Message 3 of 5

Re: Changing BIOS to UEFI during SCCM Task Sequence

Is it mandatory that the conversion to UEFI happen at the same time as the upgrade to Windows 10? Be aware that this will prevent you from being able to roll back to Windows 7 if there are any application compatiblity issues. I would recommend performing the UEFI/Secure Boot conversion in a separate task sequence that runs at a later date.

 

If you check the smsts.log file, it should indicate what caused the script to fail. One possiblity I seem to recall is that different BIOS versions may have different spellings, i.e. on one version you need to use

 

cscript.exe SetConfigPassword.vbs SecureBoot Enable <password goes here>,ascii,us

 

And on another you need to use

 

cscript.exe SetConfigPassword.vbs "Secure Boot" Enable <password goes here>,ascii,us

 

You should also ensure the BIOS and drivers are up to date, as there have been some fixes to the WMI interface to BIOS settings on some models.

Dave-Departed
Paper Tape
Posts: 2
Registered: ‎09-18-2018
Location: JP
Views: 1,953
Message 4 of 5

Re: Changing BIOS to UEFI during SCCM Task Sequence

It's not mandatory that it 100% has to happen during the same TS as the OS upgrade, but it has to automatically happen to any machine that is upgraded from Win 7 to Win 10. If I knew how to automatically populate a dynamic Device Collection with computers that had passed through the In-Place Upgrade TS, then I could do this, I think.

 

Regarding the smsts.log file, it doesn't show why the Lenovo VB script failed, because the script runs. It just doesn't do anything to the BIOS, or doesn't save the settings, all the time. As there is no logging for the VB script, I can't tell why that is. What I do know is that, if you stick the VB script (with the parameters I posted above) in a standalone TS, and call that from Software Center, within the OS, it works all the time.

 

Thanks for the tip on the BIOS update - I'll pass that along to the relevant team. Although, with around 14,000 devices, it may take some time lol!

 

For now, I am trying a different route - I'm calling a PS script after the OS upgrade, which creates a Scheduled Task to run once at next logon. This Scheduled Task will call MBR2GPT and then the Lenovo VB script from inside the full OS, so hopefully this should work! I'll post my results ASAP!

Highlighted
rgsteele
WWAN
Posts: 167
Registered: ‎04-24-2008
Location: CA
Views: 1,928
Message 5 of 5

Re: Changing BIOS to UEFI during SCCM Task Sequence

The output from the VBScript should be logged in smsts.log. Here's a snippet from the smsts.log from a machine I just imaged a few days ago:

 

Microsoft (R) Windows Script Host Version 5.812	InstallSoftware	9/17/2018 5:24:11 PM	1848 (0x0738)
Copyright (C) Microsoft Corporation. All rights reserved.	InstallSoftware	9/17/2018 5:24:11 PM	1848 (0x0738)
InstallSoftware	9/17/2018 5:24:11 PM	1848 (0x0738)
SecureBoot,Enable	InstallSoftware	9/17/2018 5:24:11 PM	1848 (0x0738)
 SetBiosSetting: Success	InstallSoftware	9/17/2018 5:24:11 PM	1848 (0x0738)
Process completed with exit code 0	InstallSoftware	9/17/2018 5:24:11 PM	1848 (0x0738)
 SaveBiosSettings: Success	InstallSoftware	9/17/2018 5:24:11 PM	1848 (0x0738)

Are you not seeing any of this logged for the task sequence step? At a minimum you should be seeing the "Microsoft (R) Windows Script Host" line.

 

It is recommend to run mbr2gpt from within WinPE rather than the full OS, but if it works for you, great! In my limited experience with using it, I successfully converted three machines from within the full OS but a fourth one failed to run within the full OS and succeeded from within WinPE.

Check out current deals!


Shop current deals

Top Kudoed Authors